PHP/Rst.CO!tr.bdr
Analysis
PHP/Rst.CO!tr.bdr is a generic detection for a backdoor Trojan.
Since this is a generic detection, this malware may have varying behaviour.
Below are some of the observed characteristics/behaviours:
- This malware may be implanted on compromised websites.
- Once implanted, the malware may masquerade as a GIF image while carrying embedded PHP code with some or all of the following capabilities:
  - file uploading
  - command-line execution
  - database manipulation
  - disclosure of user information
  - password-cracking techniques
Figure 1: Malware.
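As an added defender-side example (not Fortinet's signature and not code from this page), the following Python script flags files that start with a GIF header but also carry a PHP open tag, and reports which of the capabilities listed above the embedded code hints at. The pattern lists, the default file suffix and the sample bytes are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# Every valid GIF begins with one of these two signatures.
GIF_MAGIC = (b"GIF87a", b"GIF89a")
# PHP open tags; a real image never contains one.
PHP_TAG_RE = re.compile(rb"<\?(php\b|=)", re.IGNORECASE)
# Hypothetical capability hints mapped to the behaviours listed above.
CAPABILITY_PATTERNS = {
    "command execution": re.compile(rb"\b(shell_exec|exec|system|passthru|proc_open|popen)\s*\(", re.I),
    "file upload": re.compile(rb"\$_FILES\b|\bmove_uploaded_file\s*\(", re.I),
    "database access": re.compile(rb"\b(mysqli?_(connect|query)|new\s+PDO)\b", re.I),
    "user info": re.compile(rb"\b(phpinfo|get_current_user|posix_getpwuid)\s*\(", re.I),
}

def inspect_bytes(data: bytes) -> dict:
    """Classify one file body: GIF header present? PHP embedded? which capabilities?"""
    result = {
        "gif_header": data[:6] in GIF_MAGIC,
        "embedded_php": PHP_TAG_RE.search(data) is not None,
        "capabilities": [],
    }
    if result["embedded_php"]:
        result["capabilities"] = [
            name for name, pat in CAPABILITY_PATTERNS.items() if pat.search(data)
        ]
    # Header plus PHP tag in the same file is the GIF/PHP polyglot pattern.
    result["suspicious"] = result["gif_header"] and result["embedded_php"]
    return result

def scan_tree(root: str, suffixes=(".gif",)) -> list:
    """Walk a web root and return (path, findings) for image-named files that embed PHP."""
    hits = []
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in suffixes:
            findings = inspect_bytes(path.read_bytes())
            if findings["embedded_php"]:
                hits.append((str(path), findings))
    return hits

# Constructed inputs (not real samples): a GIF header followed by an inert PHP fragment,
# and a minimal GIF-only byte string.
POLYGLOT_SAMPLE = b"GIF89a\x01\x00\x01\x00\x00\x00\x00;" + b"<?php /* constructed */ system($cmd); ?>"
CLEAN_GIF_SAMPLE = b"GIF89a\x01\x00\x01\x00\x80\x00\x00" + b"\x00" * 12 + b";"

if __name__ == "__main__":
    print(inspect_bytes(POLYGLOT_SAMPLE))
    print(inspect_bytes(CLEAN_GIF_SAMPLE))
```

Run `scan_tree("/path/to/webroot")` to list every `.gif` under a document root that carries a PHP tag; extend `suffixes` to cover other image types the site serves.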
Recommended Action
FortiGate Systems
- Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system; if required, enable the "Allow Push Update" option.
FortiClient Systems
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Detection Availability
- FortiGate
- FortiClient
- FortiAPS
- FortiAPU
- FortiMail
- FortiSandbox
- FortiWeb
- Web Application Firewall
- FortiIsolator
- FortiDeceptor
- FortiEDR